Lucene search
6776 matches found

Cvelist
added 2012/05/24 11:0 p.m., 34 views

CVE-2011-3188

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting...

8.8 AI score, 0.05689 EPSS
Exploits: 0, References: 9
UbuntuCve
added 2012/05/23 12:0 a.m., 35 views

CVE-2012-1172

The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...

5.8 CVSS, 7.2 AI score, 0.06365 EPSS
Exploits: 2, References: 4
RedHat Linux
added 2012/05/21 4:32 p.m., 14 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

5 CVSS, 6.1 AI score, 0.0854 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2012/05/21 4:28 p.m., 5 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

5 CVSS, 6.1 AI score, 0.0854 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2012/05/21 4:28 p.m., 6 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability th...

5 CVSS, 6.1 AI score, 0.0854 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2012/05/21 4:19 p.m., 7 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weak...

5 CVSS, 6.1 AI score, 0.0854 EPSS
Exploits: 0, References: 4
NVD
added 2012/05/16 12:55 a.m., 15 views

CVE-2011-3085

The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values...

5 CVSS, 6.1 AI score, 0.01414 EPSS
Exploits: 0, References: 8
ATTACKERKB
added 2012/05/16 12:55 a.m., 2 views

CVE-2011-3085

The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values...

5 CVSS, 8.5 AI score, 0.01414 EPSS
Exploits: 0, References: 9
securityvulns
added 2012/05/14 12:0 a.m., 39 views

libtasn1 / GnuTLS memory corruption

Memory corruption on some malformed values...

5 CVSS, 2.1 AI score, 0.0446 EPSS
Exploits: 1, References: 1, Affected Software: 2
OpenVAS
added 2012/05/02 12:0 a.m., 73 views

Mozilla Products Multiple Vulnerabilities (May 2012) - Mac OS X

Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities...

10 CVSS, 9.8 AI score, 0.10098 EPSS
Exploits: 1, References: 20
OpenVAS
added 2012/04/30 12:0 a.m., 43 views

Ubuntu: Security Advisory (USN-1429-1)

The remote host is missing an update for the...

5.3 CVSS, 5.8 AI score, 0.05044 EPSS
Exploits: 1, References: 2
Mozilla
added 2012/04/24 12:0 a.m., 59 views

Invalid frees causes heap corruption in gfxImageSurface — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to float error, resulting from graphics values being passed through different number system...

10 CVSS, 1.7 AI score, 0.10098 EPSS
Exploits: 0, References: 2, Affected Software: 5
UbuntuCve
added 2012/03/28 10:55 a.m., 22 views

CVE-2012-1570

The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain name...

4.3 CVSS, 5.9 AI score, 0.02481 EPSS
Exploits: 0, References: 4
OpenVAS
added 2012/03/12 12:0 a.m., 31 views

FreeBSD Ports: chromium

The remote host is missing an update to the system as announced in the referenced advisory. VID 99aef698-66ed-11e1-8288-00262d5ed8ee OpenVAS Vulnerability Test $ Description: Auto generated from VID 99aef698-66ed-11e1-8288-00262d5ed8ee Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...

7.5 CVSS, 0.2 AI score, 0.02195 EPSS
Exploits: 2
NVD
added 2012/03/05 7:55 p.m., 12 views

CVE-2011-3032

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values...

6.8 CVSS, 6.8 AI score, 0.01854 EPSS
Exploits: 1, References: 17
UbuntuCve
added 2012/03/05 7:55 p.m., 23 views

CVE-2011-3032

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values...

6.8 CVSS, 7.2 AI score, 0.01854 EPSS
Exploits: 1, References: 2
Prion
added 2012/03/05 7:55 p.m., 22 views

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values...

6.8 CVSS, 7.5 AI score, 0.01854 EPSS
Exploits: 1, References: 17, Affected Software: 5
ATTACKERKB
added 2012/03/05 7:55 p.m., 1 views

CVE-2011-3032

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values...

6.8 CVSS, 5.9 AI score, 0.01854 EPSS
Exploits: 1, References: 18
CVE
added 2012/03/05 7:0 p.m., 80 views

CVE-2011-3032

CVE-2011-3032 is a use-after-free vulnerability in Google Chrome's SVG value handling, affecting Chrome versions prior to 17.0.963.65. Remote attackers could cause a denial of service or possibly other impact via SVG value handling vectors. The issue is mitigated by updating Chrome to 17.0.963.65...

6.8 CVSS, 6.9 AI score, 0.01854 EPSS
Exploits: 1, References: 17, Affected Software: 1
Debian CVE
added 2012/03/05 7:0 p.m., 18 views

CVE-2011-3032

Removed by vendor...

6.8 CVSS, 9.4 AI score, 0.01854 EPSS
Exploits: 1